LGTM, Thanks Reviewed-by: Joshua Watt <[email protected]>
On Thu, Nov 13, 2025 at 11:42 AM Stefano Tondo via lists.openembedded.org <[email protected]> wrote: > > From: Stefano Tondo <[email protected]> > > Add missing [doc] strings for seven SPDX-related BitBake variables > that were previously undocumented in the spdx-common bbclass. > > Variables documented: > - SPDX_INCLUDE_SOURCES: Control source file inclusion in SBOM > - SPDX_INCLUDE_COMPILED_SOURCES: Control compiled source inclusion > - SPDX_UUID_NAMESPACE: Namespace for UUID generation > - SPDX_NAMESPACE_PREFIX: URI prefix for SPDX documents > - SPDX_PRETTY: JSON output formatting control > - SPDX_LICENSES: Path to SPDX license mapping file > - SPDX_CUSTOM_ANNOTATION_VARS: Custom annotation variables > - SPDX_MULTILIB_SSTATE_ARCHS: Multilib sstate architecture list > > This improves discoverability of these configuration options and > helps users understand how to customize SPDX/SBOM generation. > > Signed-off-by: Stefano Tondo <[email protected]> > --- > meta/classes/spdx-common.bbclass | 26 ++++++++++++++++++++++++++ > 1 file changed, 26 insertions(+) > > diff --git a/meta/classes/spdx-common.bbclass > b/meta/classes/spdx-common.bbclass > index ca0416d1c7..6bd1b56d96 100644 > --- a/meta/classes/spdx-common.bbclass > +++ b/meta/classes/spdx-common.bbclass > @@ -26,17 +26,43 @@ SPDX_TOOL_VERSION ??= "1.0" > SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy" > > SPDX_INCLUDE_SOURCES ??= "0" > +SPDX_INCLUDE_SOURCES[doc] = "If set to '1', include source code files in the > \ > + SPDX output. This will create File objects for all source files used > during \ > + the build. Note: This significantly increases SBOM size and generation > time." > + > SPDX_INCLUDE_COMPILED_SOURCES ??= "0" > +SPDX_INCLUDE_COMPILED_SOURCES[doc] = "If set to '1', include compiled source > \ > + files (object files, etc.) in the SPDX output. This automatically > enables \ > + SPDX_INCLUDE_SOURCES. Note: This significantly increases SBOM size." > > SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org" > +SPDX_UUID_NAMESPACE[doc] = "The namespace used for generating UUIDs in SPDX \ > + documents. This should be a domain name or unique identifier for your \ > + organization to ensure globally unique SPDX IDs." > + > SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdocs"; > +SPDX_NAMESPACE_PREFIX[doc] = "The URI prefix used for SPDX document > namespaces. \ > + Combined with other identifiers to create unique document URIs." > + > SPDX_PRETTY ??= "0" > +SPDX_PRETTY[doc] = "If set to '1', generate human-readable formatted JSON > output \ > + with indentation and line breaks. If '0', generate compact JSON output. \ > + Pretty formatting makes files larger but easier to read." > > SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json" > +SPDX_LICENSES[doc] = "Path to the JSON file containing SPDX license > identifier \ > + mappings. This file maps common license names to official SPDX license \ > + identifiers." > > SPDX_CUSTOM_ANNOTATION_VARS ??= "" > +SPDX_CUSTOM_ANNOTATION_VARS[doc] = "Space-separated list of variable names > whose \ > + values will be added as custom annotations to SPDX documents. Each > variable's \ > + name and value will be recorded as an annotation for traceability." > > SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}" > +SPDX_MULTILIB_SSTATE_ARCHS[doc] = "The list of sstate architectures to > consider \ > + when collecting SPDX dependencies. This includes multilib architectures > when \ > + multilib is enabled. Defaults to SSTATE_ARCHS." > > python () { > from oe.cve_check import extend_cve_status > -- > 2.51.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#226264): https://lists.openembedded.org/g/openembedded-core/message/226264 Mute This Topic: https://lists.openembedded.org/mt/116279441/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
